Search papers, labs, and topics across Lattice.
This paper investigates the security of physical-layer authentication in scenarios where a legitimate user (Alice) communicates through a reconfigurable intelligent surface (RIS) while an attacker (Trudy) attempts to impersonate her using multiple antennas. The authors derive Trudy's optimal attack strategy and establish conditions for channel indistinguishability, revealing that under multipath conditions, Trudy cannot successfully impersonate Alice with a single antenna, but can do so under single-path line-of-sight conditions. The findings highlight vulnerabilities in physical-layer authentication systems, particularly in environments with varying channel conditions, emphasizing the need for robust security measures.
An attacker can successfully impersonate a legitimate user in physical-layer authentication under specific channel conditions, revealing critical vulnerabilities in current security frameworks.
In physical layer authentication, verification of a user鈥檚 identity is based on the characteristics of the transmission channel through which signals are delivered to the authenticator (Bob). In this paper, we assume that the signals received by Bob pass through a reconfigurable intelligent surface (RIS) (controlled by Bob) and that the legitimate transmitter (Alice) is equipped with one antenna. Conversely, the attacker (Trudy) has multiple antennas and uses precoding to deceive Bob鈥檚 verification. Assuming that Trudy knows all the channel matrices, we first derive her optimal attack strategy. Then, we analyse the conditions under which the channel estimated by Bob is indistinguishable when either Alice or Trudy is transmitting. When Trudy has a single antenna, we show that the indistinguishability condition cannot be met when the channels to the RIS are the result of propagation over multiple paths. For single-path line-of-sight (LOS) conditions, instead, Trudy can impersonate Alice although transmitting from a different position. We verify these results numerically and assess the security of the considered scenario, even when the indistinguishability conditions cannot be met.